Xcode 11 fails to resolve packages (Swift Package Manager) because of SSH Fingerprints check. This is a known issue at Apple and they provide a workaround https://developer.apple.com/documentation/xcode_release_notes/xcode_11_release_notes (see issue #50686014). But the thing is, I canât get it to work⌠Does anybody managed to resolve this issue?
Environment:
Bitrise.io: Stack: Xcode 11, macOS 10.14.5 (Mojave)
Step: Xcode Archive and export for iOS
Reproducibility
Have an Xcode 11 project that uses Swift Package Manager with private package (like hosted on Bitbucket)
Build log
Fetching git@bitbucket.org:[owner_name]/[repo_name].git
xcodebuild: error: Could not resolve package dependencies:
The server SSH fingerprint failed to verify.
I have just hit this issue and I was able to work around thanks to your reference to the Xcode issue. In my case I have a GitHub hosted iOS project with a private package hosted on a separate GitHub repo. I had to add two steps between the project checkout and building the app:
Firstly I added an âActivate SSH key (RSA private key)â step, setting the âSSH private key in RSA formatâ to a variable name, eg: â$DEPLOYMENT_KEYâ (this has to be done manually in .yml). Then create a secret for that variable with the value of the private key. In my case this the private key for the GitHub Deployment Key for the private dependency.
Secondly as per the Apple workaround, I needed to add an entry to the known_hosts file. This can be done via a âScriptâ step. For GitHub, you can use:
for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts
This is working and I expect you can achieve the same with Bitbucket.
We are having the same problem, but Iâm happy to say that this workaround works for bitbucket.org as well. Letâs hope that Fastlane or Bitrise can come up with a lane/step that solves this.
A quick follow up and maybe some more help if the above doesnât work for you.
This workaround worked for our internal dependencies, which depend on each other. However, it didnât work for the main app, which depends on all of them. The builds once again failed with the fingerprint error.
After digging around without finding anything strange, we added a known host printout build step and could verify that the script did in fact add new hosts. However, the format was off.
Looking into our workflows, we noticed that a line break had made its way into the script. This caused the script to add new hosts with an incorrect format. Removing the line break made this workaround work once more.
Hi! It was a boy cried wolf situation. The script had been incorrectly added to our appâs workflows. Removing the line break made the workaround work once more.
Even after following everything stated here I was still having problems. Here is my solution:
To start, the fastlane build command uses the -resolvePackageDependencies since the last version (2.141.0), so there is no need to call -showBuildSettings
Use the script to add the IPs to the known_hosts
I was using HTTPS for the open dependencies and SSH for the private one, but for some reason if I set all my external dependencies to use the SSH URL (git@github.com:âŚ) it works. I have no idea what is happening and why it works, but it works.
Sorry to hear about this. Can you please send the relevant build URLs our way, enable support access and any other details you may attribute to this so we can look into it deeper?
EDIT: @bitce any update here? Having false negatives for failing is really disruptive. Id be happy to change my configuration if its user error, but Im at a loss over here.
We are looking into your logs, which are currently investigated by higher tier support, but could you please enable Support Access on the Settings tab of the app (Enabling the Bitrise Support user for your app | Bitrise DevCenter), so that I may take a closer look?
